Login at Kodi Home

Rantanplan-1 · (This post was last modified: 2017-09-18, 21:42 by Rantanplan-1.)

Whats the conclusion now?

from my point of view a beta Repo where everyone who got a Addon in the main-Repo got acces.
+ a switch in Kodisettings to allow automatic betta Addons installation (global Kodisetting or/and a Setting per Addon), may would be handy.

on the "Pro" side:

- Developers can quickliy push fixes via beta Repo to the Users. (No reviewing from Theam Kodi needed for beta Repo changes.)
- User can decide if they would like to get updates from the beta Repo. (Global Switch in Kodisettimgs, or (or "and") per single Addon in dialog AddonInfo.)
- Only Developers got acces to the beta Repo who already got an addon in the official Repository. (So only a pool of "thrusted Developers" got acces to the beta Repo)
- No waitingtime for Users for fixes if "allow Installation from Beta Repo" Is enabled. (if them enabled auto Installation from beta Repo)
- As Developers can push quickly fixes to the beta Repo, they get quick feedback from Users without have to wait for the reviewing process by Team Kodi for fixes. (I guess there will be quickly enouth users who will be willing to allow Betas)
- Skinners dont have to hassel around with ".dev".
- through the restriction that only Developers, which got already an Addon in the main Repo have acces to the beta Repo, there may wouldnt be a "big mess" in the beta Repo.
- The official Repo will may be more attractive to developers, as it then will be possible to push quickly a fix to a Repo (Beta Repo) without have to wait for the reviewing process to get instand feedback from Users.

on the "Con" Side:

- May more Server space needed as some Addons will be in the beta and in the main Repo
- ?
- No Idea what else

---

(Not shure if the Idea with a global (+ single per Addon) Switch for allowing auto installation from the beta Repo is doable)

Would that be doable? What do u Guies think about this Idea? usable, doable?

its just a attempt to come up with something, may everyone is happy with.

--
In short the Idea again:
- 2 official Repos (beta and main)
- only acces to the beta Repo for developers who got already an addon in the oficial Repository ("thrusted Developers")
- Kodisetting to allow auto Installation for beta Addons / from beta Repository. (Global Kodisetting ("System" -> "Addons") and/or one button per Addon in DialogAddonInfo.)

**sarbes** · 2017-09-19, 00:32

Doing reviews is fundamental for any kind of official repo. One rogue dev would be enough to infect millions of installations. There can't be any trusted developers.

L0RE · 2017-09-19, 09:59

@sabes it could be done another Way

an Developer asks for Access for Plugin "XY" to dev Repo. The Code just get short Review about if its dangerous... Then The User get Access to Update his Addon automatically.

When a New Version is done ,it gets Online, also an Admin get a Mail to review the Code for Dangerous Code , so it can be remove after words.
Danger would be small since an Developer can only manipulate his Addon, and Dangerous Code would only exist for this Addon until the Review...
Since the Review is only for "Evil" code, not for Performance, Syntax, Review could be done much faster...
An Addon that hasn't changed for 3 Month, the User gets an Email if it isn't time to add it to the Prod Repo.?
if the Code hasn't Changed for 6 Month and doens't got put in Prod it get removed (Its an Beta for Prod Addons, after all)

So you would have most flexibility with minimal Risk,and it wouldn't happen that nothing goes to prod

docwra · (This post was last modified: 2017-09-19, 18:23 by docwra.)

Hmm difficult question I guess between security and openness...

I think this change will possibly mean Devs avoid the official repository and post more to unofficial ones. The second you upload an Add-on to the Kodi repository, you can no longer update it unofficially(if i get it right?).

What happens when the strict rules of the repository come into conflict with the developers goals? This may stop cool new features being written as the developer stays in the boundaries of the official repo walled garden or may make some developers move off and do their own thing.

Seems like you punish users(and more importantly developers) for the purposes of security. Maybe that's OK for Apple or Google to do, but is it the open-source way? Is there even a difference? Smile

I'm not against making it more secure though, I just don't think sledgehammer changes like this are the way.

As someone who runs a 3rd party repository, this would be a backwards change for the developers who use our site. I have a feeling from past experience that some members of the Kodi team would rather kill unnoffical repo's in any way they can Sad

Now that is the Apple way Smile

Rantanplan-1 · (This post was last modified: 2017-09-20, 02:21 by Rantanplan-1.)

(2017-09-19, 00:32)sarbes Wrote: There can't be any trusted developers.

In this case it also isnt save now as it would "just" need a reviewer who close his eys and a developer with an Addon with malicious code. (As much as i get that correctly a reviewer dont have to be a Teammember.)

I get ur point, nd yes with that solution there will still be a Risk, but isnt there always one? but guess the suggested solution could still be a improvement. to lower the risk, the code could be reviewed afterwards in the beta Repo (after an update was pushed to the beta repo and is already available), and if smoeone does something bad with his Addon, he could be kicked from beta Repo. (there could also be a Warning by enable autoupdate from beta Repo that the code isnt reviewed and that users enable this option at there own Risk.)

i just have difficulties to see an other solution which allows almost instand user feedback nd quick pushes from a Addon developer. (which seems needed in some cases, or is at least a workflow which seems to be prefered from one or the other Addon dev.)

(Kodi needs beta testers to)

just one opinion and not "carved in stone".

--
Edit:

There was also already a suggestion for thrusted Repos (Emby Repo as example), woult that (realy) be better than "Thrusted Developers" (just thinking out loud)

**Razze** · 2017-09-20, 10:49

(2017-09-20, 02:09)Rantanplan-1 Wrote:
(2017-09-19, 00:32)sarbes Wrote: There can't be any trusted developers.

In this case it also isnt save now as it would "just" need a reviewer who close his eys and a developer with an Addon with malicious code. (As much as i get that correctly a reviewer dont have to be a Teammember.)

At the moment reviewers are only teammembers. And normally it's at least checked by two reviewers unless it's a real simple change.

L0RE · (This post was last modified: 2017-10-30, 21:32 by L0RE.)

Any conclusion from the team , if and how it will be done ?

**rmrector** · 2018-01-07, 23:26

Can we get an official update on this please? I do not like being stuck between the two factions of Team Kodi, and this is unpleasant still hanging over every add-on's head.

**ronie** · 2018-01-07, 23:46

as far as i know, discussion on this topic has fully stalled... in other words: there's no news.

imho if we ever add such functionality, there should be some kind of opt-in/opt-out toggle for addons, so the addon dev can decide whether they want this 'kodi repo' protection or not.